Twitter, the popular social media platform with more than 300 million users every month, was suddenly unreachable on Friday — along with dozens of other popular sites including the music streaming site Spotify — for at least part of the internet. The massive outage was the result of a cyberattack now under investigation by federal authorities.
The attacks reportedly utilized a software program called Mirai, which was released onto the “dark web” — the areas of the internet hidden from major search engines — earlier this month, according to a report in USA Today. Mirai is a simple program that requires no specialized hacking expertise, the report said.
At least three separate attacks were reported starting at around 7 a.m. Eastern Time, continuing past the 4 p.m. hour.
What happened? Here’s what you need to know.
1. The Outage Resulted From Massive Cyberattacks Involving Millions of Computers
The outage that sent Twitter and at least 60 sites offline was the work of hackers — though who they were and where they were from remains unknown. The hackers unleashed at least three massive Distributed Denial of Service, or DDoS, attacks not against Twitter and the other sites specifically, but against Dyn, Inc., the company that provides Domain Name Server services to those sites. The company is based in Manchester, New Hampshire.
A Domain Name Server is something like a phonebook for the internet. It’s a computer that translates human-readable domain names such as “Twitter.com” or “Spotify.com” into numerical addresses, known as IP addresses. Without access to those IP addresses, your internet-connected computer cannot figure out where to send your requests. So without a DNS lookup, when you click on a link containing, for example, twitter.com, you get nothing.
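The dependency described above can be checked from a list of each site's authoritative name servers. The following is an added example, not part of the original article: it classifies zones by what happens when one DNS provider stops answering. All zone and name-server names are constructed placeholders, and identifying a provider by the last two labels of the host name is an assumption.

```python
from collections import defaultdict

# Constructed sample data: zone -> authoritative name server (NS) hostnames.
# All names are placeholders under the reserved .example TLD.
ZONES = {
    "shop.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "news.example": ["ns1.provider-a.example", "ns1.provider-b.example"],
    "mail.example": ["ns1.provider-b.example", "ns2.provider-b.example"],
}


def provider_of(ns_host):
    """Approximate the operator of a name server by its last two labels.

    Assumption: good enough for this sample; real tooling should use the
    Public Suffix List to find the registrable domain.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_zone(zones):
    """Map each zone to the sorted list of distinct DNS providers it uses."""
    return {zone: sorted({provider_of(ns) for ns in hosts})
            for zone, hosts in zones.items()}


def impact_of_outage(zones, down_provider):
    """Classify zones when one provider's name servers stop answering.

    'unresolvable': every NS is at the failed provider, so lookups fail
                    once cached answers expire.
    'degraded':     some NS remain elsewhere; resolvers retry and succeed.
    'unaffected':   the zone does not use the failed provider at all.
    """
    result = defaultdict(list)
    for zone, providers in providers_by_zone(zones).items():
        if providers == [down_provider]:
            result["unresolvable"].append(zone)
        elif down_provider in providers:
            result["degraded"].append(zone)
        else:
            result["unaffected"].append(zone)
    return {status: sorted(names) for status, names in result.items()}


if __name__ == "__main__":
    print(impact_of_outage(ZONES, "provider-a.example"))
```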
Dyn, Inc. called the attacks, “well planned and executed, coming from tens of millions IP addresses at same time.”
“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time,” Dyn, Inc. Chief Strategy Officer Kyle York told reporters Friday afternoon.
2. Homeland Security is Investigating the Cyberattack
Early Friday afternoon, NBC News reported that the United States Department of Homeland Security was investigating the widespread cyberattack.
The White House was aware of the situation, and according to presidential spokesperson Josh Earnest, Homeland Security was “monitoring” the attacks, but there was currently no information as to who may have been behind them.
According to a Reuters report, the FBI is also investigating the source of the expansive cyberattack.
As of Friday morning, the culprits behind the massive DDoS attack were a mystery. Malicious hacking has become a major concern over the past few years, with hacker attacks hitting the Hollywood movie studio Sony Pictures, and more recently, the Democratic National Committee and the Hillary Clinton presidential campaign.
Those attacks, mainly designed to steal information, have been blamed by U.S. intelligence agencies on “state actors,” such as North Korea and Russia. Friday’s attack appears primarily designed to disrupt service.
The Friday cyberattack came just two days after police in the Czech Republic, working with the F.B.I., announced the arrest of a Russian hacker allegedly involved with a huge data breach targeting the business networking site LinkedIn in 2012.
3. Many of the Internet’s Top Sites Went Down
In addition to Twitter and Spotify, there were reports that the self-described “front page of the internet,” Reddit, was also out for several hours. The attack, which was confined mainly to the United States East Coast, was first reported at 7:10 a.m. Eastern Daylight Time.
Other sites hit included Etsy, GitHub, SoundCloud, Heroku, PagerDuty and Shopify.
Amazon.com reported outages, as did CNN.com, People.com and The New York Times web site.
There were also reports that Netflix and PayPal went down for a period of time Friday morning, as well as iHeartRadio, Airbnb, HBO Now, Yelp and others.
4. Service Was Restored — Until a Second Attack, Then a Third
“Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time,” Dyn DNS reported this morning.
But the DNS provider later reported on its web site that the issues stemming from the cyberattack were cleared up by 9:40 a.m. Eastern.
But at 11:52 a.m., Dyn reported that a second wave of DDoS attacks was underway, taking out access to many major sites yet again.
Just after 2 p.m. Dyn announced that it had solved the problem — again — and was trying to figure out what happened.
But a third attack hit soon after — affecting the company which provides DNS services to six percent of American Fortune 500 companies.
Just last month, cybersecurity expert Bruce Schneier published a report entitled, “Someone Is Learning How to Take Down the Internet.” In the report, Schneier warned that hackers — who may or may not be state-sponsored — have been attempting and succeeding in carrying out DDoS attacks on increasingly large scales.
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” Schneier wrote. “We don’t know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.”
5. You Can Buy a DNS Attack, and it’s Pretty Cheap
Even if the hackers are found, the true forces behind Friday’s cyberattack could still remain unknown. According to a report by Trend Micro Research, Russian hackers will pull off a DDoS attack for as little as $150. Cybersecurity experts report about 2,000 DDoS attacks on the internet every day.
To carry out a DDoS attack, hackers use what they call a “BotNet,” which is a network of computers that have been infected with malware, programming them to send out requests to specific sites on the internet without the owner of the infected computer having any idea. BotNets are bought and sold on the black market, and when the hacker-in-charge gives the signal, every computer on the BotNet fires off hundreds or thousands of requests to a specific address.
The idea is to overwhelm a server, rendering it incapable of functioning. The result for a user who wants to access a particular site — say, Twitter, for example — is that the site appears offline, or “down.”